FindUncommonShares – A Python Equivalent Of PowerView’s Invoke-ShareFinder.ps1 Allowing To Quickly Find Uncommon Shares In Vast Windows Domains

  The script is a Python equivalent of PowerView‘s Invoke-ShareFinder.ps1 allowing to quickly find uncommon shares in vast Windows Active Directory Domains. Features Only requires a low privileges domain user account. Automatically gets the list of all computers from the domain controller’s LDAP. Ignore the hidden shares (ending with $) with –ignore-hidden-shares. Multithreaded connectionsRead More

Email-Vulnerablity-Checker – Find Email Spoofing Vulnerablity Of Domains

Verify whether the domain is vulnerable to spoofing by Email-vulnerablity-checker Features This tool will automatically tells you if the domain is email spoofable or not you can do single and multiple domain input as well (for multiple domain checker you need to have text file with domains in it) Usage: Clone the package by running:Read More

ExchangeFinder – Find Microsoft Exchange Instance For A Given Domain And Identify The Exact Version

ExchangeFinder is a simple and open-source tool that tries to find Micrsoft Exchange instance for a given domain based on the top common DNS names for Microsoft Exchange. ExchangeFinder can identify the exact version of Microsoft Exchange starting from Microsoft Exchange 4.0 to Microsoft Exchange Server 2019. How does it work? ExchangeFinder will first tryRead More

DomainDouche – OSINT Tool to Abuse SecurityTrails Domain Suggestion API To Find Potentially Related Domains By Keyword And Brute Force

Abusing SecurityTrails domain suggestion API to find potentially related domains by keyword and brute force. Use it while it still works (Also, hmu on Mastodon: @[email protected]) Usage: usage: [-h] [-n N] -c COOKIE -a USER_AGENT [-w NUM] [-o OUTFILE] keywordAbuses SecurityTrails API to find related domains by keyword.Go to, solve any CAPTCHA youRead More

Kubeeye – Tool To Find Various Problems On Kubernetes, Such As Application Misconfiguration, Unhealthy Cluster Components And Node Problems

  KubeEye is an inspection tool for Kubernetes to discover Kubernetes resources (by OPA ), cluster components, cluster nodes (by Node-Problem-Detector) and other configurations are meeting with best practices, and giving suggestions for modification. KubeEye supports custom inspection rules and plugins installation. Through KubeEye Operator, you can view the inspection results and modification suggestions byRead More

Deadfinder – Find Dead-Links (Broken Links)

Dead link (broken link) means a link within a web page that cannot be connected. These links can have a negative impact to SEO and Security. This tool makes it easy to identify and modify. Installation Install with Gem gem install deadfinder Docker Image docker pull Usage Commands: deadfinder file # Scan the URLsRead More

Trufflehog – Find Credentials All Over The Place

TruffleHog Find leaked credentials. Join The Slack Have questions? Feedback? Jump in slack and hang out with us Demo docker run -it -v “$PWD:/pwd” trufflesecurity/trufflehog:latest github –org=trufflesecurity What’s new in v3? TruffleHog v3 is a complete rewrite in Go with many new powerful features. We’ve added over 700 credential detectors that support active verificationRead More

SharpSniper – Find Specific Users In Active Directory Via Their Username And Logon IP Address

Often a Red Team engagement is more than just achieving Domain Admin. Some clients will want to see if specific users in the domain can be compromised, for example the CEO. SharpSniper is a simple tool to find the IP address of these users so that you can target their box. It requires that youRead More

Dora – Find Exposed API Keys Based On RegEx And Get Exploitation Methods For Some Of Keys That Are Found

Features Blazing fast as we are using ripgrep in backend Exploit/PoC steps for many of the API key, allowing to write a good report for bug bounty hunting Unlike many other API key finders, dora also shows the path to the file and the line with context for easier analysis Can easily be implemented intoRead More

Wholeaked – A File-Sharing Tool That Allows You To Find The Responsible Person In Case Of A Leakage

wholeaked is a file-sharing tool that allows you to find the responsible person in case of a leakage. It’s written in Go. How? wholeaked gets the file that will be shared and a list of recipients. It creates a unique signature for each recipient and adds it to the file secretly. After then, it canRead More